WO2003075531A1 - Method and system for a network management console - Google Patents
Method and system for a network management console Download PDFInfo
- Publication number
- WO2003075531A1 WO2003075531A1 PCT/CA2003/000307 CA0300307W WO03075531A1 WO 2003075531 A1 WO2003075531 A1 WO 2003075531A1 CA 0300307 W CA0300307 W CA 0300307W WO 03075531 A1 WO03075531 A1 WO 03075531A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- access list
- agent
- data network
- user
- user access
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Definitions
- the present invention relates to a method and a system for identifying and notifying unauthorized access to data network services.
- a data communications network is increasingly becoming an essential component of every organization. This component is often critical enough to require constant monitoring to ensure proper performance and authorized accesses.
- Various data network management tools exist for this purpose.
- the management tools interrogate data network devices to gather information about the device and its environment.
- the most pervasive tool is the Simple Network Management Protocol (SNMP) - a standard implemented in network nodes to publish information for the purposes of data network management.
- SNMP Simple Network Management Protocol
- the model assumed by SNMP is a central management station and a number of data collection points, known to the skilled artisan as software agents, or agents.
- the agents are instructed by the management station of what information to collect.
- the management stations then collect this information from the agents through SNMP.
- the data and functions the agent supports are specified in a well known data structure called a Management Information Base (MIB).
- MIB specifies which variables the management station contains, such as the information that can be queried and set by the management station. This queried information often includes information that is sensitive to the organization and should be directed only through a Network Management Console (NMC) - a device which manages the data network.
- NMC Network Management Console
- NOC Network Operations Console
- the NOC may want to be aware of "out-of-the-ordinary" accesses of service nodes in the data network. Such "out-of-the-ordinary" accesses might be indicative of possible security breaches by any unauthorized users within the data network. This assumes added significance in the light of the CERT® (Computer Emergency Response Team) Advisory on SNMP, issued February 12, 2002, by the CERT® Coordination Center, which has caused increased scrutiny on the use of SNMP within a data network.
- CERT® Computer Emergency Response Team
- a firewall is a data network node having the capability of blocking off access from a node, or nodes, within the data network to a service, or services, provided by another node, or nodes, within the data network.
- the main purpose of a firewall is to protect a networked entity, i.e., a corporation's intranet, from unauthorized accesses while permitting authorized accesses.
- the firewall separates an interconnected data network into a "trusted network” and an "untrusted network”.
- the firewall is concerned with the data interaction between the two data networks.
- the present invention seeks to provide a system and a method identifying unauthorized accesses to a data network service by a user node in the data network.
- the present invention further seeks to provide a system and a method embodied in an NMC or a similar data network management system.
- the present invention provides both a method and a system for identifying unauthorized accesses to a data network service by a particular node in a data network.
- the NMC communicates with an agent periodically to gather a list of users of the service node.
- An agent is installed on the service node to monitor all network accesses to the service.
- the agent maintains a list of all accesses to that service node. This list is stored internally by the agent and queried for by the NMC periodically.
- the access information stored by the agent is periodically retrieved by the NMC for all monitored nodes and compared with the authorization list for the node. If unauthorized accesses are found, they are identified by the NMC. These unauthorized accesses can be notified to the appropriate entity in a number of ways such as through paging, email, a report viewable through the NMC, or any suitable manner of notification.
- the present invention is advantageous in that it is cost-effective and provides a software-only solution with centralized control for network-wide monitoring.
- the present invention provides a data network management system for identifying unauthorized access to a network service, provided at a service node in a data network, by a user node in said data network, said system comprising: a data communication means for communicating with an agent at said service node and for retrieving a user access list from said agent, said user access list including at least one network address corresponding to at least one user node in said network; a database for maintaining an authorized access list for said service node; and a data processing means for comparing said user access list to said authorized user access list and for updating said authorized user access list, said authorized user access list being maintained in said database, an updated authorized user access list based on an updated user access list for said agent.
- the present invention provides a method for identifying unauthorized access to a network service, provided at a service node in a data network, by a user node in said data network, of steps comprising: a) retrieving a user access list, for a given period of time, from an agent at said service node in said data network; b) comparing said user access list to an authorized access list; c) determining an unauthorized access based on the comparison step b); d) if unauthorized access determined in step c), initiating a notification process.
- the present invention provides computer-readable medium having stored thereon, computer-readable and computer-executable instructions which, when executed by a processor, cause said processor to perform steps comprising: a) retrieving a user access list, for a given period of time, from an agent at a service node in a data network; b) comparing said user access list to an authorized access list; c) determining an unauthorized access based on the comparison step b); d) if unauthorized access determined in step c), initiating a notification process.
- the present invention provides in a computer for use in a data network, said computer comprising: a storage means; a central processing unit; a data communication means for communicating with an agent at a service node and for retrieving a user access list from said agent, said user access list including at least one network address corresponding to at least one user node in said data network; said storage means having a database for maintaining an authorized access list for said service node; and a data processing means for comparing said user access list to said authorized user access list and for updating said authorized user access list, said authorized user access list being maintained in said database, an updated authorized user access list based on an updated user access list for said agent.
- FIGURE 1 is a block diagram of a data network having a network management system embodying the present invention.
- FIGURE 2 is a flowchart detailing the steps for configuring the network management system in accordance with the present invention.
- FIGURE 3 is a subsidiary flowchart of FIGURE 2 detailing the steps for identifying unauthorized accesses in a data network in accordance with the present invention.
- FIGURE 4 is a timing diagram detailing a sequence of events between the network manager and user agents located at various nodes in a data network in accordance with the present invention.
- FIGURE 1 is a block diagram of a data. network 100 having a network management system 110, hereinafter referred to as the NMC, in accordance with the present invention.
- a line 120 divides the data network 100.
- a "trusted" network 130 is shown within the data network 100.
- the "trusted' network 130 is defined as any organization or data network of nodes within which there is no firewall.
- To the right of the line 120 is a conventional firewall 140.
- the firewall 140 protects the "trusted" network 130 from the Internet 150.
- a network management system, such as NMC 110 discovers devices and their attributes in.a network.
- IP Internet Protocol
- devices may have Media Access Control (MAC) addresses, unique and local Domain Name Server (DNS) names, SNMP system names, WindowsTM names and several other discriminators.
- MAC Media Access Control
- DNS Domain Name Server
- SNMP Network Management Function
- WindowsTM WindowsTM
- a user at a node within any given network can select a device uniquely using one of a choice of metrics. Based on those discoveries, the network management system determines the physical topology of the network.
- the "trusted" data network 130 is an example of the data network arrangement of a corporation's intranet communicating through use of SNMP.
- the Finance department 160 consists of User A 200, User B 210, as well as a Finance database 230.
- the HR department 170 consists of User C 240, User D 250, and an HR database 260.
- the R&D Department 180 consists of User X 270, User Y 280, and User Z 290.
- the IT department 190 consists of the NMC 110 and a file server 300.
- each user 200, 210, 240, 250, 270, 280, each database 230, 260, the file server 300, and the NMC 110 are independently located at nodes having corresponding network addresses within the "trusted" data network 130.
- each database 230, 260, as well as the file server 300 contains data related to their corresponding department. Depending on the department, the data contained in each database may be deemed accessible to only certain users. It is further assumed that each database 230, 260, as. well as the file server 300 includes an agent capable of communicating information about its node to the NMC 110 node.
- the present invention includes an NMC 110
- the use of software agents is an integral part of the present invention.
- the agent maintains a list of all accesses to network services on that node.
- the agent monitors network accesses to and from the node and maintains a list of accesses internally.
- an agent that provides this information through an SNMP MIB
- FIGURE 1 it is assumed that the each database 230, 260, as well as the file server 300, include an SNMP agent.
- the NMC 110 Prior to operation, the NMC 110 is configured with a list of authorized users for each service node.
- the service nodes are both databases 230, 260, as well as the file server 300.
- a common authorization list exists for a group of user nodes, this configuration is simplified by having the NMC 110 accept a range of user nodes for a given authorization list. For example, the users in the Finance Department 160 are listed in the authorization list associated with the Finance database 230.
- the solid, linear lines illustrate an authorized access between any one of the users 200, 210, 240, 250, 270, 280, the databases 230, 260, or the file server 300.
- the dashed, linear lines illustrate an unauthorized access between any one of the users 200, 210, 240, 250, 270, 280 and the databases 230, 260.
- User X 270 has authorized access to the HR database 260 but unauthorized access to the Finance Database 230.
- both the Finance database 230 and the HR database 260 each have agents which will maintain a service access list. As User X 270 has accessed both databases, each of their agents will have stored the network address assigned to User X 270 in their service access list.
- the NMC 110 communicates with the various nodes in the "trusted" data network, through their agents.
- the NMC 110 as part of its regular operation, periodically polls each of the nodes it has discovered to retrieve information. If the node has a suitable agent installed, in addition to the regular queries it also retrieves service access information. The service access information is validated with an authorized service list for that service node. If unauthorized users are identified, they may be stored in the NMC's database (not shown) for notification.
- the NMC 110 would have retrieved the service access list from the Finance database 230 through its database agent.
- the service access list would have listed User X 270, among others, such as User A 200 and User B 210, as having accessed the Finance database 230.
- the NMC 110 retrieves an authorized access list associated with the Finance database 230, from the NMC database (not shown). By comparing the lists, the NMC 110 determines that User X 270 is not a listed authorized user on the authorized service list for the Finance database 230. It follows that User X 270 would have been identified by the NMC 110 as an unauthorized user of the Finance database 230.
- the NMC 110 continues to retrieve service access lists for service nodes not previously polled in the network, as well as periodically poll service nodes already polled.
- the NMC 110 would have also identified the HR database 260 as a service node.
- the NMC 110 would retrieve the service access list from the HR database 260 through its database agent. Again, by comparing the lists, the NMC 110 would have identified User X 270 as an authorized user of the HR database 260.
- a notification configuration is checked to determine the appropriate notification mechanism. For example, nodes with a high enough priority may require a page sent out whereas nodes, such as workstations, that are considered less significant may require an email notification to the department administrator. In addition to these asynchronous notifications, these access violations are also stored in a report maintained by the NMC 110.
- step 400 the NMC begins the process of discovering the network by identifying all service nodes.
- step 410 determines if a suitable agent is already installed at the service node. If a suitable agent is installed, then step 430 is executed. If a suitable agent is not already installed, then in step 420 the NMC 110 installs a suitable agent at that node. Essentially, a software module is sent to the service node from the NMC 110. It should be mentioned that the step 420 of installing may be done manually " prior to, or after, commencing this process.
- the agent is enabled to monitor user accesses to the service node and store the access information internally.
- the agent may also be configured, by the NMC 110, to discard stored access information after expiry time.
- the NMC 110 is configured with an authorized access list for the service node if not in existence.
- An authorized access list may already be present for the service node if there exists an' authorized access list in the NMC 110 that is associated with a range of IP addresses and the service node is within the address range.
- the NMC authorized access list may include specifying an IP range of discovered nodes. Accordingly, the IP address range would be defined to include the whole network and include the NMC's IP address in its authorized users access list.
- the configuration step also includes setting the polling frequency.
- FIGURE 3 is a flowchart detailing a subsidiary process for identifying unauthorized accesses in a data network in accordance with the present invention.
- the process uses connector A 440 to begin with by step 470.
- step 470 it is determined whether the NMC should poll the agent at a specific service. node, i.e. retrieve user access information.
- step 480 the NMC retrieves a user access list from the agent at the service node.
- step 490 the NMC compares the user access list with an authorized access list associated with the service node. Based on the comparison in step 490, step 500 determines whether an unauthorized access of a service node was identified. If step 500 does not identify an unauthorized access, then step 510 is executed.
- step 520 selects a suitable notification mechanism. Fi all , in step 520, the authorized access list stored in the NMC is updated with any access information sent by the agent of the service node. The process is then ended by using connector B 450 to return to step 460 of FIGURE 2.
- the frequency of the polling step 470 by the NMC is adjustable by the NOC. Increased frequency results in shorter average delays in the notification of problems at the cost of increased network traffic.
- the NMC is also configured with a list of authorized users for each node. Since in most cases, a common authorization list exists for a group of nodes, this configuration is simplified by the NMC maintaining a range of nodes for a given authorization list. For each unique authorization list, the NMC simply determines whether a user node is within the range of nodes authorized to access the service node.
- FIGURE 4 illustrates a timing diagram detailing a sequence of events between the NMC 110 and the service agents, 230A and 260A, respectively.
- the dashed lines indicate that the events are conditional for reasons explained earlier in exampled.from FIGURES 1, 2, and 3.
- the NMC 110 and the service A agent 230A communicate in a series of events, 570, 590, and 600. Basically, these events enable the NMC 110 to request and retrieve the access list from the service A agent 230A.
- the internal NMC events which follow, 630, 640, 650, are performed within the NMC 110.
- the event 630 enables the NMC 110 to compare the access list with an authorized user list stored in the NMC database. Based on the comparison, unauthorized users are identified.
- the subsequent events 640 and 650 are conditional on whether an unauthorized user has been identified. If an unauthorized user is identified, the NMC 110 selects a suitable notification mechanism in event 640 and then sends the notification in event 650.
- the events 660 through to 670 are executed concomitantly with the internal NMC events 630, 640, 650.
- the events 660 through 670 represent the request and retrieval of an access list from the service B agent 260A by the NMC 110.
- the timing diagram should illustrate that while the NMC 110 is executing the notification event ' 650 with respect to an unauthorized user, the NMC 110 may also be retrieving data from the service B agent 260A.
- the multi-tasking ability of the NMC 110 is advantageous in that the identification and the notification of unauthorized users for various services nodes may be performed simultaneously, not just one service node for a given time interval.
- the NMC could also retrieve the authorization access list by querying a Lightweight Directory Accees Protcol (LDAP) server, for example, or by some other method.
- LDAP Lightweight Directory Accees Protcol
- the present invention would not require any modifications to the node apart from some software configuration settings on the agent which can be done automatically from the NMC.
- the present invention is not limited to use in a "trusted" data network.
- the present invention is also applicable to external data networks where the identification of unauthorized accesses is required. Both the system and method of the present invention are also applicable to other data network services. For example, in a network running an OracleTM database, created by Oracle, where sensitive data is managed, there may be a need to ensure that only authorized users access the service over the data network.
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/506,815 US8676972B2 (en) | 2002-03-06 | 2003-03-06 | Method and system for a network management console |
CA002478128A CA2478128A1 (en) | 2002-03-06 | 2003-03-06 | Method and system for a network management console |
AU2003208222A AU2003208222A1 (en) | 2002-03-06 | 2003-03-06 | Method and system for a network management console |
EP03706175A EP1481523A1 (en) | 2002-03-06 | 2003-03-06 | Method and system for a network management console |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US36170902P | 2002-03-06 | 2002-03-06 | |
US60/361,709 | 2002-03-06 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003075531A1 true WO2003075531A1 (en) | 2003-09-12 |
Family
ID=27789135
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2003/000307 WO2003075531A1 (en) | 2002-03-06 | 2003-03-06 | Method and system for a network management console |
Country Status (5)
Country | Link |
---|---|
US (1) | US8676972B2 (en) |
EP (1) | EP1481523A1 (en) |
AU (1) | AU2003208222A1 (en) |
CA (1) | CA2478128A1 (en) |
WO (1) | WO2003075531A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AT500912A1 (en) * | 2003-10-13 | 2006-04-15 | Siemens Ag | METHOD FOR REMOTE MAINTENANCE AND / OR MONITORING OF A SYSTEM TO MAINTAIN |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050050213A1 (en) * | 2003-09-03 | 2005-03-03 | James Clough | Authorizing network requests |
US7877469B2 (en) * | 2006-02-01 | 2011-01-25 | Samsung Electronics Co., Ltd. | Authentication and authorization for simple network management protocol (SNMP) |
US8874719B1 (en) * | 2013-12-19 | 2014-10-28 | Architecture Technology Corporation | Context-aware network and situation management for crypto-partitioned networks |
US10395050B2 (en) * | 2016-03-08 | 2019-08-27 | Oracle International Corporation | Policy storage using syntax graphs |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0580350A1 (en) * | 1992-07-21 | 1994-01-26 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using locally cached authentication credentials |
WO2002014987A2 (en) * | 2000-08-18 | 2002-02-21 | Camelot Information Technologies Ltd. | An adaptive system and architecture for access control |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5627967A (en) * | 1991-09-24 | 1997-05-06 | International Business Machines Corporation | Automated generation on file access control system commands in a data processing system with front end processing of a master list |
DE69632144T2 (en) | 1995-11-16 | 2004-11-25 | Loran Network Systems, L.L.C., Wilmington | METHOD FOR DETERMINING THE TOPOLOGY OF A NETWORK OF OBJECTS |
US5826014A (en) | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US6122740A (en) * | 1996-12-19 | 2000-09-19 | Intel Corporation | Method and apparatus for remote network access logging and reporting |
FI104667B (en) * | 1997-07-14 | 2000-04-14 | Nokia Networks Oy | Implementation of access service |
US6424929B1 (en) | 1999-03-05 | 2002-07-23 | Loran Network Management Ltd. | Method for detecting outlier measures of activity |
US6539540B1 (en) * | 1999-05-24 | 2003-03-25 | 3Com Corporation | Methods and apparatus for optimizing simple network management protocol (SNMP) requests |
US6463474B1 (en) * | 1999-07-02 | 2002-10-08 | Cisco Technology, Inc. | Local authentication of a client at a network device |
US6519639B1 (en) | 1999-07-21 | 2003-02-11 | Microsoft Corporation | System and method for activity monitoring and reporting in a computer network |
US6519703B1 (en) | 2000-04-14 | 2003-02-11 | James B. Joyce | Methods and apparatus for heuristic firewall |
US20020129355A1 (en) | 2001-03-01 | 2002-09-12 | Mike Velten | Method and system for monitoring an apparatus for a computer |
US7131123B2 (en) | 2001-04-30 | 2006-10-31 | Opsware Inc. | Automated provisioning of computing networks using a network database model |
DE60129942T2 (en) | 2001-06-18 | 2008-04-17 | Hewlett-Packard Development Co., L.P., Houston | Method and system for identifying devices connected via a network, e.g. Personal computer |
US20030009552A1 (en) | 2001-06-29 | 2003-01-09 | International Business Machines Corporation | Method and system for network management with topology system providing historical topological views |
US20030033404A1 (en) | 2001-08-09 | 2003-02-13 | Richardson David E. | Method for automatically monitoring a network |
-
2003
- 2003-03-06 AU AU2003208222A patent/AU2003208222A1/en not_active Abandoned
- 2003-03-06 US US10/506,815 patent/US8676972B2/en active Active
- 2003-03-06 WO PCT/CA2003/000307 patent/WO2003075531A1/en not_active Application Discontinuation
- 2003-03-06 EP EP03706175A patent/EP1481523A1/en not_active Withdrawn
- 2003-03-06 CA CA002478128A patent/CA2478128A1/en not_active Abandoned
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0580350A1 (en) * | 1992-07-21 | 1994-01-26 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using locally cached authentication credentials |
WO2002014987A2 (en) * | 2000-08-18 | 2002-02-21 | Camelot Information Technologies Ltd. | An adaptive system and architecture for access control |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AT500912A1 (en) * | 2003-10-13 | 2006-04-15 | Siemens Ag | METHOD FOR REMOTE MAINTENANCE AND / OR MONITORING OF A SYSTEM TO MAINTAIN |
US7555782B2 (en) | 2003-10-13 | 2009-06-30 | Siemens Aktiengesellschaft | Arrangement and method for limiting access to access-protected data in a system during remote servicing thereof |
Also Published As
Publication number | Publication date |
---|---|
EP1481523A1 (en) | 2004-12-01 |
AU2003208222A1 (en) | 2003-09-16 |
US20050198323A1 (en) | 2005-09-08 |
CA2478128A1 (en) | 2003-09-12 |
US8676972B2 (en) | 2014-03-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1779236B1 (en) | Method and system for detection of aliases in a network | |
US6442144B1 (en) | Method and apparatus for discovering network devices using internet protocol and producing a corresponding graphical network map | |
US8595339B2 (en) | Network management apparatus and method | |
US8285705B2 (en) | Hosted searching of private local area network information | |
US6101541A (en) | Active polling by network LDAP directory | |
US7694343B2 (en) | Client compliancy in a NAT environment | |
US8230480B2 (en) | Method and apparatus for network security based on device security status | |
US8208381B2 (en) | Root-cause approach to problem diagnosis in data networks | |
US8006282B2 (en) | Method and system for tracking a user in a network | |
US10044765B2 (en) | Method and apparatus for centralized policy programming and distributive policy enforcement | |
US20030023711A1 (en) | Identifying network management policies | |
EP1589691B1 (en) | Method, system and apparatus for managing computer identity | |
US20080263626A1 (en) | Method and system for logging a network communication event | |
US20040267749A1 (en) | Resource name interface for managing policy resources | |
CN100433645C (en) | Network device management method and network management system | |
EP1723745A1 (en) | Isolation approach for network users associated with elevated risk | |
JP2000047924A (en) | System and method for restricting database access to managed object information using permission table that specifies access right corresponding to user access right to managed object | |
US8117181B2 (en) | System for notification of group membership changes in directory service | |
US8676972B2 (en) | Method and system for a network management console | |
US20030177222A1 (en) | Methods and apparatus for detecting and providing notification of computer system problems | |
CN112565203B (en) | Centralized management platform | |
US20020116483A1 (en) | Method and apparatus for defining application scope and for ensuring finite growth of scaled distributed applications | |
Cisco | Configuring SNMP | |
US10986136B1 (en) | Methods for application management and monitoring and devices thereof | |
Slavitch | Ramaswamy et a1. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2478128 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003706175 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2003706175 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10506815 Country of ref document: US |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2003706175 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |